LONDON – A bug in Facebook’s WhatsApp messaging service allowed hackers to take over users’ applications when they answered an incoming video call, technology websites ZDnet and The Register reported on Wednesday.
The vulnerability, which affected WhatsApp applications on Apple and Android smartphones, was discovered in late August and was fixed by Facebook in early October, according to a technical disclosure report posted online.
Facebook did not respond to requests for immediate comment. It is unclear whether the bug was ever used in an attack before it was fixed.
“This is a big deal,” Travis Ormandy, a researcher at Google Project Zero which discovered the bug, said on Twitter. “Just ++answering a call from an attacker could completely compromise WhatsApp.”
Facebook has suffered a string of security-related problems in the last year. The company last week disclosed its worst-ever security breach affecting nearly 50 million accounts.